Segmentation Fault doesn't come up immediately after accessing out-of-bound memory

淺唱寂寞╮ 提交于 2019-11-28 06:54:49

问题


I wrote this piece of code and was expecting a segmentation fault quicly, but it seems I am allowed to access pieces of memory I shouldn't be able to.

#include<stdio.h>
int main()
{
    int tab[1];
    tab[0]=42;
    int i;
    //Expecting Seg Fault from i==1...
    for(i=0;;i++)
    {
        printf("%d \t %d \n", i, tab[i]);
    }
    return 0;
}

I am compiling using:

gcc -Wall -Wextra my_code.c -o segfault && ./segfault

Upon execution, variable i reaches values of order 1000 before I get my Segmentation Fault.

My question is: Why am I able to read tab so far ?

PS: Using #include <stdlib.h> and declaring int * tab = (int*)malloc(sizeof(int)); doesn't change anything...

Thanks, bests.


回答1:


Your array tab will be located someplace on the stack. When you print past the end of the array, you are actually printing values of other memory locations on the stack.

The reason it takes around 1000 iterations to get the seg fault is that the stack is mapped in pages, and pages are usually 4 KB in size. Once you read around 1000 ints, you are around 4000 bytes past where you should be and you have crossed over to an unmapped page. Reading from an unmapped page is what actually triggers the seg fault.

Take note that I am only explaining what happened on your system. There is no guarantee that the stack will be mapped in pages or that the pages will be 4 KB in size. Technically, you are triggering undefined behavior and anything can happen. You might find it illuminating to do printf("%p\n", &tab[i]); on each iteration and see what is the last address it prints before you get the seg fault. If I was right about the 4 KB pages, the last address you see printed will end in ffc because that will be the last 4 bytes on the page.




回答2:


When you're using out-of-bound memory, you'll be facing Undefined behavior. You cannot define something called Undefined behavior.

In your case, it is happening at i = 1000s, in others' case it may very well happen at i=347 or so..

Segmentation fault is the result of accessing memory outside the allowed stack address space of your program. it may run properly and surprise you with apparent proper working if you finish your execution within that memory range. an out-of-bound access may produce vaild memory access till the point you're not crossing the stack memory region.

Consider yourself lucky if you get a segmentation fault, because that tells you, something's wrong. Otherwise, you have no idea of the resulting horror.

Note: as a suggestion, the question title should be changed to .. comes up very late or something simmilar




回答3:


You are accessing outside the boundaries of tab, but you are still in your own stack space (probably because a stack frame is larger than a byte). You have full read / write access on your own stack. This is in fact the reason many cracks are possible.

The segmentation fault occurs when your are going out of the bounds of you own stack. That's the moment you try to access a segment that's not yours (hence the name "segmentation fault").




回答4:


Accessing array out of bound will cause undefined behavior. You are seeing this at i=1000

Check this link: How dangerous is it to access an array out of bounds?




回答5:


Accessing beyond the end of an array is undefined behaviour. Anything may happen. It may work, it may fail, it may reformat your hard drive or it might post questions on stack overflow.

Sometimes it seg faults



来源:https://stackoverflow.com/questions/27269265/segmentation-fault-doesnt-come-up-immediately-after-accessing-out-of-bound-memo

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!